I've manged to create a simple network as in attached picture. The AP (IAP 207) uses a native VLAN to communicate with the router to access the Internet, and passes the vlan 550 (NAT) as tagged traffic to the switch. I've created a local DHCP Scope as VLAN 550 on IAP and applied both to wired and a wireless profile. I've created a specific role that I've applied to both profiles that does some filter regrading social networking and work ethics sites. The filters works well on wifi user but not on wired.
#show clients wired -- is an empty list, the wired user is present on dhcp and show arp, it's getting source NAT and have access to internet but no filter is applied. I've tried both applying directly Network-based rules or Role-based rule (applying a dummy rule to always match as seen on app.png) on wired profile but no success on filtering for the wired profle, (same config on wireless profile all goes as it should).
Does anyone know if this is doable did anyone tried this? Regards